lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <4F0F6D2B.6090807@gmail.com>
Date: Thu, 12 Jan 2012 18:30:51 -0500
From: Byron Sonne <byron.sonne@...il.com>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: Rate Stratfor's Incident Response

Hello,

> Bad analogy.  Closer would be if you have a house that's got a driveway on a
> public street, and you claim it's not breaking and entering if you walk up the
> driveway, try the doorknob, find it unlocked, and let yourself in without the
> permission of the residents.  Saying that "anybody could walk up and let
> themselves in the door" doesn't make it legal.

This is a pretty classic analogy that I've used many times myself, but
for many years now I've found myself questioning it... I mean good
analogies are valuable, but I think in this case it falls down.

Mostly, there's the expectation of physical security or, at least,
privacy, when it comes to a house. If someone's rattling door knobs,
it's not unreasonable to expect that they could be there to rob or do
you harm, as the human race does not have a significant history of
peaceful/harmless door rattling practices (that I know of).

Now, when it comes to the internet and networks in general, we've
entered a whole new world where many old ways of looking at things,
tempting as they are, don't fit. There's also no real relevance to
fearing for your physical safety if someone's probing your net.

To a good extent I might be talking out of my ass here, but I'd welcome
feedback.

Cheers,
B


-- 
 freebyron.org

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ